Log static IP wireless connections?

So, after running DD-WRT v23 SP1 on the WRT54G v3 for a long time, it or the way I set it up couldn't handle 5k connections from peers; I switched to tomato 1.28 to see if it would help. It did, but the CPU was still loaded hard (1.3+ at times) so following the notion of some Google searches I switched the wireless encryption mode to TKIP only instead of TKIP+AES (the wireless client whom 5000 connections goes to displayed AES for the encryption type in the wifi utility, now TKIP) and it is under .4 all the time now.

I have disabled logging and would like to know whether I can log ALL wireless clients connecting, for security, and possibly have it blink the SES LED's when anyone is connected other than recognized MAC addresses. There is a checkbox to log DHCP requests but anyone trying to get onto my network may recognize it's a WRT or any router that will display the DHCP leases and just set a static IP to be unnoticed.

It can't be too hard to write a script that logs this single unique-in-some-way event and runs a loop of commands ("gpio something something" to turn on or off the SES led) when comparing the MAC against the few that I ever use? Anyone want to make it for the community, or simply help to implement this event into the normal system log so it can be searched every week or month?

I'm bumping this cause the more I think about it and even before, I realize this is totally an essential feature. If one cracks the WPA or WEP (some people just have to use it for compatibility) and connect with a static IP, once they are gone, how does the owner know that somebody may have wasted their bandwidth, snooped their network, or done something malicious/illegal? There has to be a way to log or view all wireless connections made, static IP or not. I have yet to see something like this, perhaps it is viewable in the console since it is running linux?

Just some other thoughts:
Why are there so many connections? Or more importantly: why didn't you set a connection limit that's not killing the router?

I was surprised that switching from AES to TKIP helped. I always thought that this was done in hardware and the CPU of the router wouldn't have to deal with that. So maybe somebody can clearify that.

Using WPA2 and an appropiate password usually keeps the bad guys away. Except you have to use WEP. Then there is another problem: encryption of network traffic because getting access to your network is easy. I just realized that there is an option to only allow access to the GUI over HTTPS. I would recommend enabling this option. It's under Administration/Admin Access. Disabling telnet access and limiting connection attempts for ssh should be ticked, too.

This reminds me that I've never searched for how to harden your Tomato...